ben221199 · February 3, 2026 00:09
diff --git a/Dockerfile b/Dockerfile
 FROM nginx

 RUN apt update
 RUN apt-get install -y git golang make pkcs11-provider wget

 WORKDIR /opt

 # ForkFix Module (for preventing deadlocks after forking)
 RUN git clone https://github.com/yocto/pkcs11-module-forkfix-go.git
 RUN cd pkcs11-module-forkfix-go && make

 # KMIP Module
 RUN git clone https://github.com/yocto/pkcs11-module-kmip-go.git
 RUN cd pkcs11-module-kmip-go && make

 RUN cat openssl-providers.cnf >> /etc/ssl/openssl.cnf

 ENV PKCS11_DEBUG=0
 ENV PKCS11_KMIP_SERVER=example.com:5696
 ENV PKCS11_SUBMODULE=/usr/lib/pkcs11/pkcs11-kmip.so

 CMD nginx -g "daemon off;"
diff --git a/openssl-providers.cnf b/openssl-providers.cnf
 [provider_sect]
 pkcs11 = pkcs11_sect

 [default_sect]
 activate = 1

 [pkcs11_sect]
 activate = 1
 #module = /usr/lib/ossl-modules/pkcs11.so
 module = /usr/lib/x86_64-linux-gnu/ossl-modules/pkcs11.so
 pkcs11-module-load-behavior = early
 pkcs11-module-path = /usr/lib/pkcs11/pkcs11-forkfix.so
	FROM nginx

	RUN apt update
	RUN apt-get install -y git golang make pkcs11-provider wget

	WORKDIR /opt

	# ForkFix Module (for preventing deadlocks after forking)
	RUN git clone https://github.com/yocto/pkcs11-module-forkfix-go.git
	RUN cd pkcs11-module-forkfix-go && make

	# KMIP Module
	RUN git clone https://github.com/yocto/pkcs11-module-kmip-go.git
	RUN cd pkcs11-module-kmip-go && make

	RUN cat openssl-providers.cnf >> /etc/ssl/openssl.cnf

	ENV PKCS11_DEBUG=0
	ENV PKCS11_KMIP_SERVER=example.com:5696
	ENV PKCS11_SUBMODULE=/usr/lib/pkcs11/pkcs11-kmip.so

	CMD nginx -g "daemon off;"
	[provider_sect]
	pkcs11 = pkcs11_sect

	[default_sect]
	activate = 1

	[pkcs11_sect]
	activate = 1
	#module = /usr/lib/ossl-modules/pkcs11.so
	module = /usr/lib/x86_64-linux-gnu/ossl-modules/pkcs11.so
	pkcs11-module-load-behavior = early
	pkcs11-module-path = /usr/lib/pkcs11/pkcs11-forkfix.so